当前位置: 动力学知识库 > 问答 > 编程问答 >

Use asp.net forms authentication so only logged in users can view website

问题描述:

Login.aspx, passwordrecovery.aspx, and register.aspx should be the only pages accessible for logged in users. I have the following in my webconfig:

 <authentication mode="Forms">

<forms loginUrl="Login.aspx" defaultUrl="Login.aspx" />

</authentication>

<authorization>

<deny users="?"/>

</authorization>

I have the following in my configuration element of my webconfig:

 <location path="images">

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

</location>

<location path="css">

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

</location>

<location path="login.aspx">

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

</location>

<location path="register.aspx">

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

</location>

<location path="passwordrecovery.aspx">

<system.web>

<authorization>

<allow users="*" />

</authorization>

</system.web>

</location>

I get an Error: ASP.NET Ajax client-side framework failed to load. alert box when viewing any of the public pages. How do I allow access to the asp.net client-side framework (using the location tags?)?

网友答案:

Check the actual url that is requested. I think those will be the calls to Webresource.axd.

网友答案:

I checked fiddler and added the following:

<location path="Telerik.Web.Ui.WebResource.axd">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Ajax client side framework now loads - error message is gone. For those not using the Telerik controls - I'm sure you can use something similar to:

<location path="WebResource.axd">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
网友答案:

I agree with Greg, put all your public resources in the root and place any protected items in a subfolder.

Ex:

<location path="login.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="subfolderName">
    <system.web>
        <authorization>
            <allow roles="myRole" />
            <deny users="*" />

            <!-- deny unknown users -->
            <deny users="?" />
        </authorization>
    </system.web>
</location>
分享给朋友:
您可能感兴趣的文章:
随机阅读: